An integrated information communication system with improved information security is provided. An IP packet sent from an external area toward either an operation management server or a relay apparatus is detected and is not admitted into the integrated information communication system, which reduces the chance that the operation management server and the relay apparatus are attacked. An IP packet that violates the address application rule established to keep the communication company network secret is likewise detected and discarded. An address applied to either an operation management server or a relay apparatus employed in the integrated information communication system is sectioned, or classified, as an “address which is not opened outside network” with respect to the area external to the communication system. A packet filter is installed in an address control apparatus.
Legal claims defining the scope of protection, as filed with the USPTO.
1. An integrated information communication system, comprising: a first access control apparatus for receiving an external packet via an external communication line and for converting the external packet into an internal packet by assigning the external packet with a simple header based on a conversion table in said access control apparatus, wherein said external packet includes an external source address and an external destination address, said simple header includes an internal destination address and an information section; a network for transferring the internal packet to a second access control apparatus associated to said internal destination address, wherein when a set of three addresses comprising a source internal address assigned to a logic terminal of a communication line termination receiving said external packet, the external destination address of said received external packet and the external source address of the received external packet is registered as a record in the conversion table of said first access control apparatus, said external packet is converted into said internal packet.
2. The integrated information communication system of claim 1 wherein the conversion table comprises at least two records having each a different destination address and a different internal address assigned to a logic terminal of a communication line terminal, whereby a transfer destination of said internal packet is changeable by changing the external destination address of the received external packet.
3. An integrated information communication system as claimed in claim 1, wherein the IP packets are associated with communication protocol types, and wherein the second access control apparatus is provided for assigning a predetermined priority level to the IP packets in accordance with the type of protocol the IP packets are associated with.
4. An integrated information communication system as claimed in claim 3, wherein when said protocol is TCP, and wherein said priority level have a predetermined value for every internal source address.
5. An integrated information communication system as claimed in claim 3, wherein when said protocol is UDP, and wherein said priority level have a predetermined value for every internal source address.
6. An integrated information communication system as claimed in claim 1, wherein the IP packets are associated with communication protocol types, and wherein the second access control apparatus is provided for assigning a predetermined priority level to the external packet reached in accordance with the type of protocol the IP packet is associated with.
7. An integrated information communication system as claimed in claim 6, wherein when said protocol is TCP, said priority level have a predetermined value for every internal source address.
8. An integrated information communication system as claimed in claim 6, wherein when said protocol is UDP, said priority level have a predetermined value for every internal source address.
9. An integrated information communication system comprising: a first access control apparatus for receiving an external packet via an external communication line and for converting the external packet into an internal packet by assigning the external packet with a simple header based on a conversion table in said access control apparatus, wherein said external packet includes an external source address and an external destination address, said simple header includes an internal destination address and an information section; a network for transferring the internal packet to a second access control apparatus associated to said internal destination address, wherein when a set of three addresses comprising a source internal address assigned to a logic terminal of a communication line termination receiving said external packet, the external destination address of said received external packet and the external source address of the received external packet is registered as a record in the conversion table of said first access control apparatus, is said external packet converted into said internal packet wherein the record further comprises an address mask, and wherein said external packet is converted into said internal packet if a logical product of the mask and the external destination address of the received packet coincides with the external destination address in the record.
10. An IP communication system for transferring IP packets with priority control by using a destination port number, wherein: an IP network is constructed by connecting plural access control apparatus via communication lines; each of said access control apparatus has plural logical terminals and a conversion table, and said conversion table includes a port table, an access control apparatus AC1 includes a conversion table H1, an access control apparatus AC2 includes a conversion table H2, and a port table in said conversion table H2 includes a combination of a receiver priority and a destination port number, a terminal T1 is connected to a logical terminal LP1 of said access control apparatus AC1 via a communication line L1, and a terminal T2 is connected to a logical terminal LP2 of said access control apparatus AC2 via a communication line L2, said terminal T1 sends an external IP packet to said communication line L1, said external IP packet is inputted to said access control apparatus AC1 from said logical terminal LP1, said access control apparatus AC1 obtains an internal destination address 2, with reference to said conversion table H1, based on both a destination external IP address in said external IP packet and a discrimination information for discriminating said logical terminal LP1, said access control apparatus AC1 forms an internal IP packet including said external IP packet and said internal destination address 2 as its destination address, and said access control apparatus AC1 sends said internal IP packet to said access control apparatus AC2, when said access control apparatus AC2 receives said internal IP packet, said access control apparatus AC2 references a pair of a receiver priority and a destination port number of a port table in said conversion table H2, and said access control apparatus AC2 judges whether said destination port number coincides with a destination port number included in said external IP packet in said internal IP packet or not, in a case that said destination port number does not coincide with said destination port number included in said external IP packet, said access control apparatus AC2 discards said internal IP packet including said external IP packet, in a case that said destination port number coincides with said destination port number included in said external IP packet, said access control apparatus AC2 decides an order to send said internal IP packet from said logical terminal LP2 in accordance with said receiver priority, and whereby said access control apparatus AC2 restores said external IP packet from said internal IP packet, and said restored external IP packet is sent to said terminal T2 via logical terminal LP2 and said communication line L2.
11. An IP communication system for transferring IP packets with priority control by using a destination port number, wherein: an IP network is constructed by connecting plural access control apparatus via communication lines, each of said access control apparatus has plural logical terminals and a conversion table, and said conversion table includes a port table, an access control apparatus AC1 includes a conversion table H1, an access control apparatus AC2 includes a conversion table H2, and a port table in said conversion table H1 includes a combination of a sender priority and a destination port number, a terminal T1 is connected to a logical terminal LP1 of said access control apparatus AC1 via a communication line L1, and a terminal T2 is connected to a logical terminal LP2 of said access control apparatus AC2 via a communication line L2, said terminal T1 sends an external IP packet to said communication line L1, said external IP packet is inputted to said access control apparatus AC1 from said logical terminal LP1, said access control apparatus AC1 obtains an internal destination address 2, with reference to said conversion table H1, based on both a destination external IP address in said external IP packet and a discrimination information for discriminating said logical terminal LP1, said access control apparatus AC1 references a pair of a sender priority and a destination port number of a port table in said conversion table H1, and said access control apparatus AC1 judges whether said destination port number coincides with a destination port number included in said external IP packet, in a case that said destination port number does not coincide with said destination port number included in said external IP packet, said access control apparatus AC1 discards said external IP packet, in a case that said destination port number coincides with said destination port number included in said external IP packet, said access control apparatus AC1 forms an internal IP packet including said external IP packet and said internal destination address 2 as its destination address, and said access control apparatus AC1 decides an order to send said internal IP packet to said access control apparatus AC2 in accordance with said sender priority, and whereby said access control apparatus AC1 sends said formed internal IP packet to said access control apparatus AC2, said access control apparatus AC2 restores said external IP packet from said internal IP packet, and said restored external IP packet is sent to said terminal T2 via logical terminal LP2 and said communication line L2.
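The admission check of claims 1 and 9 (registered address triple, with the address mask applied to the external destination) and the egress port table of claim 10 can be modelled as follows. This is an added example, not code from the patent; the table contents, the "int-..." internal address labels, the function names and the rule that a larger priority number is sent first are all assumptions made for illustration.

```python
import ipaddress

def ip(addr):
    """Dotted-quad string -> integer, so the claim-9 mask is a plain bitwise AND."""
    return int(ipaddress.IPv4Address(addr))

# Constructed conversion table of the first (ingress) access control apparatus.
# Record: (internal address of the receiving logic terminal, external destination,
#          external source, address mask, internal destination address).
CONVERSION_TABLE = [
    ("int-LP1", ip("192.0.2.0"),   ip("198.51.100.7"), ip("255.255.255.0"),   "int-AC2"),
    ("int-LP1", ip("203.0.113.9"), ip("198.51.100.7"), ip("255.255.255.255"), "int-AC3"),
]

# Constructed port table of the second (egress) apparatus: destination port -> receiver priority.
# Assumption: a larger number is sent first; the claims do not fix the ordering direction.
PORT_TABLE = {53: 1, 80: 2}

def ingress(terminal, src, dst, dport):
    """Encapsulate only if (terminal, dst & mask, src) is a registered record; else None."""
    for rec_terminal, rec_dst, rec_src, mask, internal_dst in CONVERSION_TABLE:
        if rec_terminal == terminal and rec_src == ip(src) and ip(dst) & mask == rec_dst:
            # "Simple header" modelled as the internal destination wrapped around the packet.
            return {"internal_dst": internal_dst, "external": (src, dst, dport)}
    return None  # unregistered triple: the packet never enters the network

def egress(internal_packets, port_table):
    """Discard packets whose destination port is not in the port table, then
    restore the external packets in receiver-priority order (stable within a level)."""
    kept = [p for p in internal_packets if p["external"][2] in port_table]
    kept.sort(key=lambda p: -port_table[p["external"][2]])
    return [p["external"] for p in kept]

def demo():
    arrivals = [  # constructed sample traffic
        ("int-LP1", "198.51.100.7", "192.0.2.55", 53),   # registered, masked match
        ("int-LP1", "198.51.100.7", "192.0.2.10", 80),   # registered, higher priority
        ("int-LP1", "198.51.100.7", "192.0.2.10", 23),   # registered, port not in table
        ("int-LP1", "198.51.100.99", "192.0.2.10", 80),  # unregistered source
        ("int-LP2", "198.51.100.7", "192.0.2.10", 80),   # wrong logic terminal
    ]
    admitted = [p for p in (ingress(*a) for a in arrivals) if p is not None]
    return admitted, egress(admitted, PORT_TABLE)

if __name__ == "__main__":
    admitted, delivered = demo()
    print(len(admitted), "admitted; delivered:", delivered)
```

The second table record also shows the behaviour of claim 2: changing only the external destination address selects a different internal destination.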
October 19, 2005
April 7, 2009